“compliance with the law is not enough.”
“What then is the relationship of ethics and the law? From my perspective, ethics come before, during and after the law. It informs how laws are drafted, interpreted and revised. It fills the gaps where the law appears to be silent,”
“Ethics is the basis for challenging laws. Remember that slavery was legal. Child labour and censorship are still legal in many jurisdictions”.
by Giovanni Buttarelli
DIGITAL ETHICS AND LEGAL DATA PROTECTION COMPLIANCE?
The GDPR is an important step forward but digital technologies will continue to evolve and laws will quickly become out of date. The GDPR focuses on individual rights. It does not consider the broader societal implications of new digital technologies. Ethical thinking and deliberation come before, during, and after the law. Ethics are the foundations of our legal systems and ensure that they are updated when necessary. Debating ethics and discussing what is right and wrong is the process of societal self-reflection and self-evaluation on which we, as members of society, establish values and norms and enact binding, enforceable rules. This is where the difference between law and ethics lies. While laws are part of a society’s ethics, their differentiating characteristic is that they are enforceable, that there is a public, official mechanism that holds you to account and sanctions you if you violate them. History has shown that ethical notions of good and bad change. This means that they must continuously be re-debated and re-defined. Whenever technological innovation came with risks and dangers, ethics have been key in addressing and preventing them. Ethics can also help us now to find a path into a digital future that re-affirms and protects our long-standing culture of values and rights
Professor Norman Sadeh said at our conference: “Ethics is not a destination; it is a journey.”
Europe instead should be innovating in ways that will enable businesses to earn the trust of people again. A first step would be to reconsider what we mean by consent. Consent has to be specific, informed and freely given.If what you are doing with data is clearly unobjectionable –maybe consent is not the appropriate legal basis. You should be confident that you have risk mitigation measures in place, that you are considering the best interests of the individual data subject, therefore aim to rely on the legitimate interests legal grounds. My prediction is that as the GDPR beds in, and as the rest of the world increasingly emulates Europe’s standards, we will see some new business models emerge –where data protection by design is visibly in play. It will be up to regulators and supervisory authorities to support such innovation.
by Giovanni Buttarelli
